OneSwap WalletLegal

Legal

Privacy Policy

This policy explains what OneSwap Wallet processes, what stays local in your browser, what is stored in your Google Drive backup, and what backend and Canton infrastructure can see when you use the product.

Last updated: June 5, 2026

Overview

What this policy covers

This policy applies to the OneSwap Wallet web application, its wallet-scoped backend APIs, and the Google Drive encrypted-backup flow used by the product. It covers wallet creation, import, restore, local unlock, transfers, incoming offers, history, consolidation, and related support or security workflows.

It does not govern third-party services you use alongside the wallet, including Google, Canton validators, public block and update explorers, or any external application that links you into OneSwap Wallet.

Data categories

Information we process

Browser-local wallet dataEncrypted wallet vaults, locally derived public keys, party identifiers, session state, and user-facing wallet preferences stored in your browser.
Google account and backup dataGoogle identity information returned during sign-in, Drive app-data file metadata, and the encrypted wallet backup blob stored in the hidden Google Drive appDataFolder.
Wallet operation dataParty ids, public keys, balances, transfer requests, update ids, transaction hashes, fee estimates, and Canton preparation payloads needed to prepare or submit wallet actions.
Security and abuse-prevention dataProject API-key context, signed authentication challenges, request ids, Turnstile tokens when enabled, rate-limit signals, and basic API logs used to protect the service.
Public network-visible dataTransaction outcomes, counterparties, amounts, update ids, and other network-visible records that become part of Canton-facing validator or explorer surfaces.

Purpose

How we use information

  • To create, restore, unlock, and operate your wallet.
  • To prepare and submit Canton transactions you explicitly authorize.
  • To discover, upload, restore, or delete encrypted Google Drive backups.
  • To price and display balances, network-fee estimates, and activity history.
  • To secure the APIs against abuse, bots, fraud, or operational misuse.
  • To debug failures, monitor reliability, and improve product behavior.

Custody model

How Google backup works

OneSwap Wallet uses Google sign-in to identify a Drive app-data space for your wallet backup. The wallet vault is encrypted in the browser before upload. The Drive backup stores encrypted material only.

Important: OneSwap Wallet does not take server-side custody of your raw private key. The private key remains browser-controlled, and the Google Drive backup is an encrypted backup artifact, not a server-held wallet.
  • The encrypted backup is stored in the hidden Google Drive appDataFolder, not in normal Drive folders.
  • The app can check whether a backup exists, restore it, overwrite it, or delete it when you ask.
  • Changing Google OAuth app identity can make old hidden backups inaccessible to a new app identity.

Disclosures

When information is shared

OneSwap Wallet does not sell wallet data. Information is shared only as needed to operate the service:

  • With Google, when you use Google sign-in or Drive backup and restore.
  • With Canton participant, validator, registry, and transfer-factory infrastructure used for wallet actions.
  • With security providers such as Cloudflare services or Turnstile when those protections are enabled.
  • With counterparties and public network observers when a transaction becomes network-visible.
  • When required by law, regulation, or a valid legal process.

Storage lifecycle

Retention and deletion

Local wallet vault data remains in your browser until you clear it, uninstall the browser storage, or use the wallet reset and clear-vault controls. Google Drive encrypted backups remain until you delete them through the wallet reset flow or revoke the app's access through Google.

Backend operational logs and request metadata may be retained for as long as reasonably needed for security, abuse prevention, reliability, troubleshooting, and legal compliance.

User controls

Your choices and controls

  • You can import an existing key instead of generating a new browser keypair.
  • You can clear the local vault from the wallet reset flow or by clearing site storage in your browser.
  • You can delete the Google Drive encrypted backup through the reset-backup page.
  • You can revoke Google access from your Google account permissions settings.
  • You can stop using the product at any time.

Safeguards

Security

The wallet uses local signing, encrypted browser storage, challenge-based wallet authentication, API-key scoping, optional Turnstile verification on sensitive routes, and network-layer protections such as WAF and rate limiting. No internet-connected product can promise perfect security, and you remain responsible for protecting your device, PIN, browser profile, and Google account.

Policy updates

Changes to this policy

This policy may change as the product, integrations, or legal requirements change. When it does, the updated version will be posted on this page with a revised effective date.

Support

Contact

For product support, privacy questions, or backup issues, use the official OneSwap channels:

oneswap.ccdocs.oneswap.ccTelegram supportX @OneSwapCC

Quick links

PrivacyTermsDocsOpen Wallet